<?php

/*
	info: 用户登录
	date: 2011-12-23
*/

// Identify this entry script to the shared bootstrap, then load it.
// What common.inc.php does with USER_LOGIN_CHECK is not visible from this file.
define('PAGESCRIPT', 'login');
define('USER_LOGIN_CHECK', true);
require dirname(__FILE__) . '/include/common.inc.php';
global_ConnectDB();
// Validity window of a password-reset link, in hours. The resetpass branch
// multiplies it by 3600 before comparing it with the timestamp carried in the link.
$webglobal['find_time'] = 24;

// A visitor who is already signed in (and is not signing out) is greeted and sent away from this page.
if ($webglobal['action']!='exit' && $user['base_uid']>0)
{
	// Default target is the home page; $webserver['comeurl'] replaces it when it is set
	// and does not contain "login".
	// NOTE(review): comeurl is presumably the referring URL. It is only filtered for the
	// substring "login" here; if it is taken from a request header it should get the same
	// host check that the sign-in branch applies to gourl. Confirm in common.inc.php.
	$tempgourl = WEBURLPATH.'/index.php';
	if (!empty($webserver['comeurl']) && !preg_match('/^.*login.*$/', $webserver['comeurl']))
	{
		$tempgourl = $webserver['comeurl'];
	}
	global_ShowMessage("欢迎回来，{$user['base_username']}。", $tempgourl);
}

// Sign out: clear the login cookie, then show the confirmation with the home page as target.
if ('exit' == $webglobal['action'])
{
	$usercheckobj->ClearUserCookie();
	global_ShowMessage('您已成功退出。', WEBURLPATH.'/index.php');
}
// Password recovery for personal (non-company) accounts
elseif ('findpass' == $webglobal['action'])
{
	// Confirmation view, reached through the redirect at the end of this branch
	if (isset($webrequest['success']))
	{
		global_ShowMessage("找回密码邮件已经发送到您的邮箱，请点击邮件中的链接进行修改密码操作，有效期{$webglobal['find_time']}小时。");
	}
	if (isset($webrequest['check']))
	{
		// Only the e-mail address is validated; a former 'username' rule is disabled.
		$temprules = array(
			array('email','email','','请输入E-mail地址',1),
		);
		global_CheckPost($temprules);
		if (empty($webglobal['CPM']))
		{
			// NOTE(review): the address is interpolated into the SQL text. This is safe only if
			// the 'email' rule of global_CheckPost rejects or escapes quote characters; confirm,
			// and prefer bound parameters if the $db wrapper offers them.
			$tempuserinfo = $db->GetOne("SELECT * FROM {$webconfig['dbpre']}user WHERE email='{$webglobal['CPP']['email']}' AND status>-1");
			if (empty($tempuserinfo))
			{
				// NOTE(review): this answer tells the caller whether an address is registered.
				// A uniform response plus request throttling would avoid account enumeration.
				$webglobal['CPM']['nothave'] = '不存在该用户';
			}
			else
			{
				// Store a fresh 6-character code on the account; the reset link must carry the same code.
				// NOTE(review): global_Random is defined elsewhere; confirm it draws from a CSPRNG.
				$temprandnum = global_Random(6);
				$db->Update('user', array('authcode'=>$temprandnum), "id='{$tempuserinfo['id']}'");
				// Link payload: type 0 (personal user), user id, code, issue time, encrypted with WEBAUTHKEY
				$temptoken = global_EncryptKey("0,{$tempuserinfo['id']},{$temprandnum},{$webserver['timestamp']}", WEBAUTHKEY);
				// NOTE(review): the link is plain http and uses $webserver['webhost']. If webhost is
				// derived from the request's Host header, pin it to a configured hostname instead.
				$tempactiveurl = "http://{$webserver['webhost']}".WEBURLPATH."/login.php?action=resetpass&code=".$temptoken;
				include_once WEBFILEPATH.'/include/email.class.php';
				$sendemailobj = new Email();
				$tempmailsubject = "{$webcache['setting']['sitename']} 用户找回密码邮件";
				// NOTE(review): nickname goes into the HTML body as stored; confirm it is HTML-escaped when saved.
				$tempmailbody = "亲爱的{$tempuserinfo['nickname']}：<br />&nbsp;&nbsp;&nbsp;&nbsp;请点击以下链接重新设置密码，{$webglobal['find_time']}小时以内有效，如果不能点击请复制以下链接到浏览器地址栏打开。<br /><a href=\"{$tempactiveurl}\" target=\"_blank\">$tempactiveurl</a>";
				$sendemailobj->Send($webglobal['CPP']['email'], $tempmailsubject, $tempmailbody, 1);
				global_GoToUrl(WEBURLPATH.'/login.php?action=findpass&success');
			}
		}
	}
}
// Password recovery for company accounts: files a request that waits for review
elseif ('comfindpass' == $webglobal['action'])
{
	if (isset($webrequest['check']))
	{
		// E-mail address and a reason are required; a former 'username' rule is disabled.
		$temprules = array(
			array('email','email','','请输入E-mail地址',1),
			array('reason','str','','请输入申请原因',1),
		);
		global_CheckPost($temprules);
		if (empty($webglobal['CPM']))
		{
			// NOTE(review): the address is interpolated into the SQL text. This is safe only if
			// the 'email' rule of global_CheckPost rejects or escapes quote characters; confirm.
			$tempuserinfo = $db->GetOne("SELECT * FROM {$webconfig['dbpre']}company WHERE email='{$webglobal['CPP']['email']}' AND status='1'");
			if (!empty($tempuserinfo))
			{
				// Refuse a second request while one is still open (status 0)
				$tempishave = $db->GetOne("SELECT * FROM {$webconfig['dbpre']}find_pwd WHERE company_id='{$tempuserinfo['id']}' AND status='0'");
				if (!empty($tempishave))
				{
					$webglobal['CPM']['isfind'] = '已经申请了找回密码，请耐心等待审核';
				}
			}
			else
			{
				// NOTE(review): this answer and the one above tell the caller whether an address
				// belongs to a company account; consider a uniform response.
				$webglobal['CPM']['nothave'] = '不存在该商家';
			}
		}
		if (empty($webglobal['CPM']))
		{
			// NOTE(review): 'reason' is free text from the request; confirm that $db->Insert escapes
			// values and that the review screen HTML-escapes it on output.
			$tempnewrow = array(
				'company_id'=>$tempuserinfo['id'],
				'reason'=>$webglobal['CPP']['reason'],
				'status'=>0,
				'addtime'=>$webserver['timestamp'],
			);
			$tempaddid = $db->Insert('find_pwd', $tempnewrow, TRUE);
			global_ShowMessage("您的申请已经提交，待审核后会发送找回密码邮件到您的邮箱，请注意查收。");
		}
	}
}
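// Set a new password from a reset link
elseif ($webglobal['action']=='resetpass')
{
	// The link carries "type,id,code,timestamp" encrypted with WEBAUTHKEY.
	// type 1 = company account (code is the find_pwd row id); any other type = personal user
	// (code is the authcode stored on the user row).
	// NOTE(review): for company links nothing secret is stored server-side, so their validity
	// rests entirely on WEBAUTHKEY and global_EncryptKey; confirm that scheme is authenticated.
	// A non-string value (e.g. code[]=x) is treated like a missing one.
	$webrequest['code'] = (isset($webrequest['code']) && is_string($webrequest['code'])) ? trim($webrequest['code']) : '';
	$temparray = explode(',', global_DecryptKey($webrequest['code'], WEBAUTHKEY));
	// NOTE(review): the code below relies on global_ShowMessage ending the request; confirm it exits.
	if (count($temparray) != 4)
	{
		global_ShowMessage("参数错误。");
	}
	$temparray[0] = intval($temparray[0]);
	$temparray[1] = intval($temparray[1]);
	$temparray[3] = intval($temparray[3]);
	// Reject links older than find_time hours
	if (($webserver['timestamp']-$temparray[3])>$webglobal['find_time']*3600)
	{
		global_ShowMessage("您所请求的地址已失效。");
	}
	if ($temparray[0]==1)
	{
		// Company: the request row must exist, belong to that company and be approved (status 1)
		$temparray[2] = intval($temparray[2]);
		$tempuserinfo = $db->GetOne("SELECT F.*,C.username AS c_username,C.email AS c_email,C.name AS c_name,C.english_name AS c_english_name FROM {$webconfig['dbpre']}find_pwd F LEFT JOIN {$webconfig['dbpre']}company C ON F.company_id=C.id WHERE F.id='{$temparray[2]}' AND F.company_id='{$temparray[1]}' AND F.status='1'");
		if (empty($tempuserinfo) || empty($tempuserinfo['c_username']))
		{
			global_ShowMessage("您所请求的地址已失效。");
		}
	}
	else
	{
		$tempuserinfo = $db->GetOne("SELECT * FROM {$webconfig['dbpre']}user WHERE id='{$temparray[1]}' AND status>-1");
		// The code is compared as a string with ===. A loose != would compare numeric-looking
		// strings by value ('012345' equals '12345'). An empty stored authcode means no reset
		// is pending (it is cleared after a successful reset), so it never matches.
		if (empty($tempuserinfo) || (string)$tempuserinfo['authcode']==='' || (string)$tempuserinfo['authcode']!==(string)$temparray[2])
		{
			global_ShowMessage("您所请求的地址已失效。");
		}
	}

	if (isset($webrequest['check']))
	{
		// A former 'username' rule is disabled; the e-mail address is the second factor checked below.
		global_CheckPost(
			array(
				array('email','email','','请输入E-mail地址',1),
				array('password','password','','密码至少为6位',1),
				array('passwordtwo','password','','重复密码至少为6位',1),
		));
		if (empty($webglobal['CPM']))
		{
			// Strict string comparison: with a loose != two different numeric-looking passwords
			// ('0123456' and '123456') would count as matching.
			if ((string)$webglobal['CPP']['password']!==(string)$webglobal['CPP']['passwordtwo'])
			{
				$webglobal['CPM']['passwordtwo'] = '两次输入的密码不一样';
			}
			// The submitted address must be the one on record for the account named in the link
			$tempexpectemail = ($temparray[0]==1) ? $tempuserinfo['c_email'] : $tempuserinfo['email'];
			if ($webglobal['CPP']['email']!=$tempexpectemail)
			{
				$webglobal['CPM']['username'] = '用户名或E-mail地址错误';
			}
		}
		if (empty($webglobal['CPM']))
		{
			// NOTE(review): global_Md5 is defined elsewhere. If it is a plain or unsalted MD5, plan a
			// migration to password_hash()/password_verify(); that has to change together with the
			// login check, so it is not altered here.
			if ($temparray[0]==1)
			{
				$db->Update('company', array('pwd'=>global_Md5($webglobal['CPP']['password'])), "id='{$temparray[1]}'");
				// Deleting the request row makes the company link single-use
				$db->Delete('find_pwd', "id='{$temparray[2]}'");
			}
			else
			{
				// Clearing authcode makes the user link single-use
				$db->Update('user', array('pwd'=>global_Md5($webglobal['CPP']['password']),'authcode'=>''), "id='{$temparray[1]}'");
			}
			global_ShowMessage("恭喜您，密码修改成功。请使用新密码重新登录。", WEBURLPATH.'/login.php');
		}
	}
}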
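// Default action: interactive sign-in
else
{
	$webglobal['login_message'] = array();
	if (isset($webrequest['check']))
	{
		// The submitted password is base64-decoded before validation. That is an encoding, not
		// protection, so the form still needs HTTPS. A missing or non-string value becomes ''
		// instead of raising a notice or a type error.
		$webrequest['password'] = (isset($webrequest['password']) && is_string($webrequest['password'])) ? base64_decode($webrequest['password']) : '';
		// 'remember' used to be spelled 'remember,' (stray comma inside the string), while the
		// cookie call below reads $webglobal['CPP']['remember'].
		global_CheckPost(
			array(
				array('gourl','','','',0,''),
				array('user_type','bool','','',0,0),
				array('remember','int','','',0,0),
				array('username','str','','请输入登录帐号',1),
				array('password','password','','密码填写错误',1),
		));
		$webglobal['gourl'] = $webglobal['CPP']['gourl'];
		if (!empty($webglobal['CPM']))
		{
			$webglobal['login_message'] = $webglobal['CPM'];
		}
		else
		{
			// NOTE(review): no attempt limiting is visible here; confirm that CheckUser throttles
			// or locks out repeated failures.
			$usercheckobj->CheckUser($webglobal['CPP']['username'], $webglobal['CPP']['password'], $webglobal['CPP']['user_type']);
			if ($user['base_uid'] > 0)
			{
				// 1209600 seconds = 14 days when "remember" is ticked, otherwise 0.
				// NOTE(review): a hash of the password is handed to SetUserCookie. If it ends up in
				// the cookie it is a password-equivalent value; a random server-side session token
				// would be safer. Confirm in the user-check class.
				$usercheckobj->SetUserCookie($user['base_uid'], global_Md5($webglobal['CPP']['password']), $webglobal['CPP']['user_type'], $webglobal['CPP']['remember'] ? 1209600 : 0);
				// Record the login IP and time on the matching account table
				$templogintable = ($user['base_type']==1) ? 'company' : 'user';
				$db->Update($templogintable, array('loginip'=>$user['ip'],'logintime'=>$webserver['timestamp']), "id='{$user['base_uid']}'");
				// Post-login target. The previous test skipped the host check for any value not
				// starting with "http", which let protocol-relative and other-scheme values through.
				// Accepted now: an http(s) URL on this site's host, or a scheme-less path that does
				// not start with two slashes/backslashes. Everything else falls back to the home page.
				// NOTE(review): confirm global_FormatHost handles user-info and port in the URL.
				$tempgourl = WEBURLPATH.'/index.php';
				$tempwanted = is_string($webglobal['gourl']) ? trim($webglobal['gourl']) : '';
				if (!empty($tempwanted) && !preg_match('/[\x00-\x1f\x7f]/', $tempwanted))
				{
					if (preg_match('/^https?:\/\//i', $tempwanted))
					{
						if (global_FormatHost($tempwanted)==$webserver['webhost'])
						{
							$tempgourl = $tempwanted;
						}
					}
					elseif (!preg_match('/^[a-z][a-z0-9+.\-]*:/i', $tempwanted) && !preg_match('/^[\/\\\\]{2}/', $tempwanted))
					{
						$tempgourl = $tempwanted;
					}
				}
				global_ShowMessage("欢迎回来，{$user['base_username']}。", $tempgourl);
			}
			else
			{
				$webglobal['login_message'] = $usercheckobj->err;
			}
		}
	}
	else
	{
		// First visit: remember where to go after sign-in (explicit gourl, else comeurl).
		// NOTE(review): the value is request-controlled; the template must escape it on output.
		$webglobal['gourl'] = isset($webrequest['gourl']) ? $webrequest['gourl'] : $webserver['comeurl'];
	}
}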

// Render the login template for every path above that did not already end the request.
// NOTE(review): global_ShowMessage and global_GoToUrl presumably exit; confirm, because the
// branches above continue past them when they return.
template_Display('login');
